Well... I'm sure the answer to my question may be hanging around in old discussions in EH-Net but I have been unable to locate it...

Maybe someone can point me in the right direction? In general, all of the books I have purchased (GRAY HAT Hacking, Professional Penetration Testing, CEH Prep Guide) present no clear definition of what a Red Team is and does.

I assume that a Red Team is a group of PenTesters with separated tasks but with a common PenTest goal. Is that so?

"Red team-blue team exercises take their name from their military antecedents. The idea is simple: One group of security pros--a red team--attacks something, and an opposing group--the blue team--defends it. Originally, the exercises were used by the military to test force-readiness."

"The concept of a "Red Team " attack from a military perspective is to imitate potential threats and use the same vectors that the adversary would use during an attack. The problem with this terminology used in information security is that a Red Team project somehow tries to separate itself from the general concept of a "penetration test; " as if a Red Team assessment is somehow more than a pen test – more intensive, more advanced, or perhaps more effective in identifying and exploiting vulnerabilities within an organization’s network. To separate Red Team from the term "penetration testing, " proponents of the term "Red Team " distinguish Red Team efforts by restricting penetration testing to vulnerability verification without the ensuing enumeration component (or at least minimal enumeration). Opponents to the term believe that Red Team activities are already a subcomponent of penetration testing, and the attempt to separate Red Team from pen testing is simply a marketing ploy."

Now to add confusion. I worked as a contractor to a large company who supported an automotive company. *cough*eds*cough*gm*cough*.

Both groups used the term as part of the change control processes. A person would submit a change, and the rest of that person's team (sys admins, network engineers, etc.) would "red team" the change to make sure everything was right and would not break when implemented.